1. Segregation of duties
Authorization: authorizes activities and makes decisions
Custody of assets:
maintians custody of assets (goods, money, data, …). Can only accept assets or release assets after approval by the authorizing function. Should deliver information to the record keeping function.
Record keeping: registrates/records all the activities taking place, independent from the persons authorizing and keeping custody
Reconciliation: checks the validity and completeness of the assignment given and reconciliate to check whether the execution was done right
Internal control Chapter 3: Control activities